U.S. patent application number 13/547098 was filed with the patent office on 2013-01-31 for method of counter-measuring against side-channel attacks.
This patent application is currently assigned to CROCUS TECHNOLOGY SA. The applicant listed for this patent is Jean-Sebastien Coron. Invention is credited to Jean-Sebastien Coron.
Application Number | 20130028412 13/547098 |
Document ID | / |
Family ID | 47576770 |
Filed Date | 2013-01-31 |
United States Patent
Application |
20130028412 |
Kind Code |
A1 |
Coron; Jean-Sebastien |
January 31, 2013 |
METHOD OF COUNTER-MEASURING AGAINST SIDE-CHANNEL ATTACKS
Abstract
According to the present invention there is provided a method of
counter-measuring against side channel attacks, the method
comprising executing a block-cipher algorithm to mask intermediate
variables, wherein the block-cipher algorithm comprises one or more
non-linear functions, characterised in that at least one of the
non-linear functions is implemented using a match-in-place
function.
Inventors: |
Coron; Jean-Sebastien;
(Rueil-Malmaison, FR) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Coron; Jean-Sebastien |
Rueil-Malmaison |
|
FR |
|
|
Assignee: |
CROCUS TECHNOLOGY SA
Grenoble Cedex
FR
|
Family ID: |
47576770 |
Appl. No.: |
13/547098 |
Filed: |
July 12, 2012 |
Current U.S.
Class: |
380/28 |
Current CPC
Class: |
H04L 9/003 20130101;
H04L 2209/046 20130101; H04L 9/0631 20130101; H04L 2209/08
20130101 |
Class at
Publication: |
380/28 |
International
Class: |
H04L 9/28 20060101
H04L009/28 |
Foreign Application Data
Date |
Code |
Application Number |
Jul 26, 2011 |
EP |
11290337 |
Claims
1. A method of counter-measuring against side channel attacks, the
method comprising executing a block-cipher algorithm to mask
intermediate variables, wherein the block-cipher algorithm
comprises one or more non-linear functions, characterised in that
at least one of the non-linear functions is implemented using a
match-in-place function.
2. The method according to claim 1 wherein, the match-in-place
function is a bit-randomized match-in place function (MIP.sup.I
(data; adr,b)).
3. The method according to claim 2 wherein, the bit-randomized
match-in place function is defined as: MIP I ( data ; b if read (
adr ) = adr , b ) = { data b otherwise ##EQU00011## wherein adr is
an address in a memory, data is a variable which can be stored at
an address in a memory, and b is a value which is returned if the
data variable is equal to actual data which is present at the
address adr in memory; otherwise the complement of b is
returned.
4. The method according to claim 3 wherein MIP.sup.I (data; adr;
b)=MIP(data; adr).sym. b wherein b is the complement of b.
5. The method according to claim 2 wherein, the at least one of the
non-linear function comprises a compare.sub.b function, defined by:
compare b ( x ; y ) b if x = y = { b if x .noteq. y ##EQU00012##
wherein x is the first input variable of the compare.sub.b function
and y is the second input variable of the compare.sub.b function,
and b is a value which is returned if x is equal to y, and b is a
value which is returned if x is not equal to y, such that the
compare.sub.b function can be implemented by; writing the variable
x to an address adr in memory; executing the bit-randomized
match-in place function defined as: MIP I ( y ; adr , b ) = b if
read ( adr ) = { y b otherwise and , returning MIP I ( y ; adr , b
) . ##EQU00013##
6. The method according to claim 1 wherein, the non-linear function
is comprised in a SubByte operation.
7. The method according to claim 1 wherein, the block-cipher
algorithm further comprises one or more linear functions, wherein
at least one of the one or more linear functions are encrypted by
XORing the variables of the function.
8. The method according to claim 1 wherein, the block-cipher
algorithm is an Advanced Encryption Standard (AES) algorithm.
9. A computer readable medium comprising a computer program which
is configured to implement a method according to claim 1.
10. A method of computing a second order masked Sbox function from
a second order masked input, comprising the steps of (i)
b.rarw.rand(1) (ii) for a=0 to 2.sup.n-1 do (a) write (r.sub.1
.sym. a; adr) (b) cmp.rarw.MIP.sup.I (r.sub.2; adr; b) (c)
Rcmp.rarw.(S(x .sym. a) .sym. s.sub.1) .sym. s.sub.2 (iii) Return
R.sub.b wherein, b is a variable which represents a random bit
which indexes a register, and a is a variable which represents an
index which defines the number of times steps (a)-(c) should be
carried out, r.sub.1, r.sub.2 is a pair of input masks, x is a
masked value wherein x=x.sym. r.sub.1.sym. r.sub.2.sym.
.epsilon.F.sup.n.sub.2, and s.sub.1, s.sub.2 are a pair of output
masks, and adr is a free memory address, cmp is a bit variable
which indexes a register and is an output of the function MIP.sup.I
(r.sub.2; adr; b), and R.sub.cmp and R.sub.b are each register
addresses of a register of a micro-processor, and wherein MIP.sup.I
(r.sub.2; adr; b) is a bit-randomized match-in place function
defined as: MIP I ( data ; b if read ( adr ) = adr , b ) = { data b
otherwise ##EQU00014##
11. A computer readable medium comprising a computer program which
is configured to carry out a method according to claim 10.
Description
FIELD
[0001] The present invention concerns a method of counter-measuring
against side-channel attacks for block-ciphers, and in particular,
but not exclusively, to a method of counter-measuring which uses a
match-in-place function.
DESCRIPTION OF RELATED ART
[0002] Many existing encryption algorithms in use today, such as
the most widely used encryption algorithm `Advanced Encryption
Standard (AES)` are vulnerable to Differential Power Analysis
(DPA). DPA is a side-channel attack that consists in first
measuring a microprocessor's power consumption when executing a
cryptographic algorithm and then performing statistical analysis in
order to recover secret-keys used in the cryptographic algorithm
for encryption. Once the secret-keys have been determined it is
possible to decrypt encrypted information.
[0003] A microprocessor's electromagnetic emanations can also be
measured and exploited to determine secret-keys used in a
cryptographic algorithm for encryption.
[0004] A common technique to protect secret-key algorithms against
DPA consists of masking every intermediate variable with a random
mask. The masked data and the random mask are then processed
separately and eventually recombined at the end of the algorithm.
An attacker trying to analyze the power consumption of a
microprocessor at a single point will obtain random values (random
data values and random mask values); therefore, such masking will
be secure against first-order DPA.
[0005] A masking counter-measure is characterized by the number of
random masks used to protect a given sensitive variable; a masking
with d random masks is called a d-th order masking. A d-th order
masking can only be broken by a (d+1).sup.th order side-channel
analysis, i.e. an attack that requires the processing of d+1
variables simultaneously. The number of executions required to
break a counter-measure grows exponentially with the order d.
Therefore, the order d is a good security criterion. However, in
practice the most efficient counter-measures are of order d=1
only
[0006] It has been shown that a second-order DPA attacks to decrypt
masked data is possible. Therefore, better counter-measures are
needed in order to obtain fully secure encryption of data.
[0007] Further developments in counter-measures have been made; one
of the most recent counter-measures against side-channel attacks is
a counter-measure with order d=2.
[0008] For any masking counter-measure the main difficulty is to
protect the non-linear parts of the algorithm; for Advanced
Encryption Standard (AES) the non-linear parts of the algorithm are
essentially SBOX functions. The technique used consists of
iterating over the entire SBOX function for every SBOX look-up,
using a comparison algorithm that is implemented as a subroutine.
The comparison algorithm being called for every SBOX input, it is
possible to show that the counter-measure can resist any
second-order side-channel attack.
[0009] However such masking counter-measures are grossly
inefficient as it requires many operations during execution and
also utilises much of the microprocessors memory during
execution.
[0010] It is an aim of the present invention to obviate, or
mitigate, at least some of the afore-mentioned disadvantages.
SUMMARY
[0011] According to the invention, these aims are achieved by means
of a method of counter-measuring against side channel attacks, the
method comprising executing a block-cipher algorithm to mask
intermediate variables, wherein the block-cipher algorithm
comprises one or more non-linear functions, characterised in that
at least one of the non-linear functions is implemented using a
match-in-place function.
[0012] The method of the present invention makes use of a
match-in-place function to improve the efficiency of the method.
Using a match-in-place function reduces the number of operations
which are required to provide an effective counter-measuring
against side channel attacks. Furthermore, less memory is required
to implement the method of the present invention compared to know
methods.
[0013] The match-in-place function may be a bit-randomized match-in
place function (MIP.sup.I (data; adr,b)).
[0014] The bit-randomized match-in place function may be defined
as:
MIP I ( data ; b if read ( adr ) = adr , b ) = { data b otherwise
##EQU00001##
wherein adr is an address in a memory, data is a variable which can
be stored at an address in a memory, and b is a value which is
returned if the data variable is equal to actual data which is
present at the address adr in memory; otherwise the complement of b
is returned. b may be a bit value.
[0015] The following relationship may exist:
MIP.sup.I(data; adr; b)=MIP(data; adr).sym.b
wherein b is the complement of b.
[0016] The at least one of the non-linear function may comprise a
compare.sub.b function, defined by:
compare b ( x ; y ) b if x = y = { b if x .noteq. y
##EQU00002##
wherein x is the first input variable of the compare.sub.b function
and y is the second input variable of the compare.sub.b function,
and b is a value which is returned if x is equal to y, such that
the compare.sub.b function can be implemented by: writing the
variable x to an address adr in memory; executing the
bit-randomized match-in place function defined as:
MIP I ( y ; adr , b ) = b if read ( adr ) = { y b otherwise and ,
returning MIP I ( y ; adr , b ) . ##EQU00003##
[0017] The non-linear function may be comprised in a SubByte
operation. The non-linear function may be comprised in a SubByte
operation of an AES algorithm.
[0018] The block-cipher algorithm may further comprise one or more
linear functions. At least one of the one or more linear functions
may be masked by XORing variables of the function.
[0019] The block-cipher algorithm may be an Advanced Encryption
Standard (AES) algorithm.
[0020] According to a further aspect of the present invention there
is provided a computer readable medium comprising a computer
program which is configured to implement a method according to any
one of the afore mentioned methods.
[0021] According to a further aspect of the present invention there
is provided a method of computing a second order masked Sbox
function from a second order masked input, comprising the steps
of:
( i ) b .rarw. rand ( 1 ) ##EQU00004## ( ii ) for a = 0 to 2 n - 1
do ( a ) write ( r 1 .sym. a ; adr ) ##EQU00004.2## ( b ) cmp
.rarw. MIP I ( r 2 ; adr ; b ) ##EQU00004.3## ( c ) R cmp .rarw. (
S ( x .sym. a ) .sym. s 1 ) .sym. s 2 ##EQU00004.4##
[0022] (iii) Return R.sub.b
wherein, b is a variable which represents a random bit which
indexes a register, and a is a variable which represents an index
which defines the number of times steps (a)-(c) should be carried
out, r.sub.1, r.sub.2 is a pair of input masks, x is a masked value
wherein x=X.sym. r.sub.1.sym. r.sub.2.sym. .epsilon. F.sup.n.sub.2,
and s.sub.1, s.sub.2 are a pair of output masks, and adr is a free
memory address, cmp is a bit variable which indexes a register and
is an output of the function MIP.sup.I (r.sub.2; adr; b), R.sub.cmp
is a register address of a register of a micro-processor.
Typically, at least two registers R.sub.0 and R.sub.1 in the
micro-processor are used (i.e. cmp can be 0 or 1; a first register
R.sub.0 is indexed/addressed if cmp=0, and a second register
R.sub.1 is indexed/addressed if cmp=1). R.sub.b is a register
address of a register of a micro-processor. Typically at least two
registers R.sub.0 and R.sub.1 in the micro-processor are used (i.e.
b can be 0 or 1; register R.sub.0 is indexed/addressed if b=0, and
register R.sub.1 is indexed/addressed if b=1). MIP.sup.I (r.sub.2;
adr; b) is a bit-randomized match-in place function defined as:
MIP I ( data ; b if read ( adr ) = adr , b ) = { data b otherwise
##EQU00005##
[0023] According to a further aspect of the present invention there
is provided a computer readable medium comprising a computer
program which is configured to carry out the afore-mentioned method
of computing a second order masked Sbox function.
BRIEF DESCRIPTION OF THE DRAWINGS
[0024] The invention will be better understood with the aid of the
description of an embodiment given by way of example and
illustrated by the figures, in which:
[0025] FIG. 1 shows Pseudo-code for AES encryption;
[0026] FIG. 2 shows Pseudo-code for AES decryption;
[0027] FIG. 3 shows a table comprising the number of memory
transfers (pre-processing phase), number of XORs and memory
transfers (main phase) and memory required for the original
implementation of a compare.sub.b function and the implementation
of the compare.sub.b function according to the present
invention;
[0028] FIG. 4 shows a table comprising number of XORs, number of
memory transfers and memory required for a full second
Rivain-Dottax-Prouff (RDP2) algorithm implementation which uses the
method of the present invention to implementation a compare.sub.b
function.
DETAILED DESCRIPTION OF POSSIBLE EMBODIMENTS
[0029] The use of the method of the present invention in an AES
encryption algorithm will be described in detail. However, it
should be understood that the method of the present invention is
not limited to use with an AES encryption algorithm; the method of
the present invention could be used in any block-cipher
algorithm.
[0030] The AES Encryption Algorithm operates on a 4.times.4 array
of bytes s.sub.i,j, termed the `state`. For encryption, each
subpart of the AES Encryption Algorithm (except a last subpart)
comprises the following four stages: [0031] 1. AddRoundKey: each
byte of the state is xored with the round key [0032] k.sub.i,j,
derived from the key schedule:
[0032] s.sub.i,j.rarw.s.sub.i,j.sym.k.sub.i,j [0033] 2. SubBytes:
each byte of the state is updated using an 8-bit S-box
function:
[0033] s.sub.i,j.rarw.S(s.sub.i,j) [0034] The S-box function is
defined as:
[0034] S(x)=Aff(Inv(x)) [0035] where Aff is an affine function over
GF(2.sup.8) and
[0035] Inv(x)=x.sup.254 [0036] is the inverse function over
GF(2.sup.8) (with 0.fwdarw.0) [0037] 3. ShiftRows: the bytes of the
state are cyclically shifted in each row [0038] by a certain
offset; the first row is left unchanged. [0039] 4. MixColumns: the
bytes of the state are modified column by column as follows:
[0039]
s.sup.I.sub.0,c.rarw.(02s.sub.0,c).sym.(03s.sub.1,c).sym.s.sub.2,-
c.sym.s.sub.3,c
s.sup.I.sub.1,c.rarw.s.sub.0,c.sym.(02s.sub.1,c).sym.(03s.sub.2,c).sym.s-
.sub.3,c
s.sup.I.sub.2,c.rarw.s.sub.0,c.sym.s.sub.1,c.sym.(02s.sub.2,c).sym.(03s.-
sub.3,c)
s.sup.I.sub.3,c.rarw.903s.sub.0,c).sym.s.sub.1,c.sym.s.sub.2,c.sym.(02s.-
sub.3,c)
[0040] The pseudo-code for AES encryption with a 128-bit key is
given in FIG. 1. The word array `w` contains round keys (k.sub.i,j)
which are generated by a key-schedule algorithm.
[0041] For decryption, every round (except the last) comprises the
following operations: [0042] 1. InvShiftRows: is the inverse of the
ShiftRows operation (stage 3 of encryption). The bytes of the state
(a set of intermediate variables used in AES encryption, as defined
in paragraph [0025]) are cyclically shifted in each row by a
certain offset; the first row of bytes is left unchanged. [0043] 2.
InvSubBytes: is the inverse of the SubBytes operation (stage 2 of
encryption). The inverse S-box (S.sup.-) is applied on each byte of
the state, with:
[0043] S.sup.-1(x)=Inv(Aff.sup.-1(x)) [0044] 3. AddRoundKey: the
operation is equal to its own inverse. [0045] 4. InvMixColumns: is
the inverse of the MixColumns operation (stage 4 of the
encryption). The bytes of the state are modified column by column
as follows:
[0045]
s.sup.I.sub.0,c.rarw.(0es.sub.0,c).sym.(0bs.sub.1,c).sym.(0ds.sub-
.2,c).sym.(09s.sub.3,c)
s.sup.I.sub.1,c.rarw.(09s.sub.0,c).sym.(0es.sub.1,c).sym.(0bs.sub.2,c).s-
ym.(0ds.sub.3,c)
s.sup.I.sub.2,c.rarw.(0ds.sub.0,c).sym.(09s.sub.1,c).sym.(0es.sub.2,c).s-
ym.(0bs.sub.3,c)
s.sup.I.sub.3,c.rarw.(0bs.sub.0,c).sym.(0ds.sub.1,c).sym.(09s.sub.2,c).s-
ym.(0es.sub.3,c)
The pseudo-code for the inverse cipher is given in FIG. 2.
[0046] Finally, the round key-schedule (k.sub.i,j) is based on the
following operations: [0047] 1. SubWord: takes a four-byte input
word and applies the S-box (S(x)) to each of the four bytes. [0048]
2. RotWord: takes a word [a.sub.0; a.sub.1; a.sub.2; a.sub.3] as
input and performs a cyclic permutation to return [a.sub.1;
a.sub.2; a.sub.3; a.sub.0] [0049] 3. Xor with Rcon: takes as input
a 32-bits word and xor it with the round constant word array
Rcon[i]=[(02).sup.i-1; 00; 00; 00], for round 1.ltoreq.i.ltoreq.10.
We refer to [5] for a full description of the key-schedule.
[0050] As discussed in the introduction, the principle of the
masking counter-measure is to mask every intermediate variable with
one or more random masks. In case of the masking counter-measure
with order d=2, two masks are used, which gives a total of three
shares. More precisely, any state variable p (represented as a byte
in AES) is shared into three shares (p.sub.0; p.sub.1; P.sub.2)
with:
p=p.sub.0.sym.p.sub.1.sym.p.sub.2
where the shares p.sub.1 and p.sub.2 are called the masks.
[0051] The three shares p.sub.0, p.sub.1 and p.sub.2 must be
processed in such a way that the previous relation is preserved
throughout the execution of the encryption algorithm. Note that
similarly every byte k of the round key must be shared into three
shares (k.sub.0; k.sub.1; k.sub.2) such that
k=k.sub.0.sym.k.sub.1.sym.k.sub.2.
[0052] The linear parts of the block-cipher are easy to process. A
function f is said to be linear when the following holds:
f(x.sym.y)=f(x).sym.f(y) Equation (1)
[0053] Then for such linear function when given as input the three
shares (p.sub.0; p.sub.1; P.sub.2) such that:
p=p.sub.0.sym.p.sub.1.sym.p.sub.2
it suffices to compute f(p.sub.0), f(p.sub.1) and f(p.sub.2)
separately and forming Equation (1) one obtains:
f(p)=f(p.sub.0).sym.f(p.sub.1).sym.f(p.sub.2)
Therefore, the three output shares f(p.sub.0), f(p.sub.1) and
f(p.sub.2) are a valid sharing of the output f(p). For AES
encryption, the AddRoundKey, ShiftRows and MixColumns operation are
linear functions and can therefore be processed in this manner.
However, the SubBytes operation (such as the S-box function in the
case of AES) is non-linear and must be processed differently.
[0054] To process non-linear operations such as the S-box function
in the case of AES an algorithm can be defined as follows:
S:{0;1}.sup.n.fwdarw.{0;1}.sup.m
Note that for AES n=m=8. The algorithm preferably comprises a
masked function compare.sub.b defined as follows:
compare b ( x ; y ) b if x = y = { b if x .noteq. y
##EQU00006##
where the x and y are the input variables of the compare.sub.b
function.
[0055] Computation of a second-order masked S-box function from a
second-order masked input may be carried out as follows: [0056]
Input: A masked value
x=x.sym.r.sub.1.sym.r.sub.2.epsilon.F.sup.n.sub.2, wherein r.sub.1;
r.sub.2 is a pair of input masks, and s.sub.1;
s.sub.2.epsilon.F.sup.m.sub.2 is a pair of output masks. [0057]
Output: The masked S-box function output S(x) .sym. s.sub.1
.sym.S.sub.2. [0058] 1. b.rarw.rand(1) [0059] 2. for a=0 to 2n-1 do
[0060] (a) cmp.rarw.compare.sub.b (r.sub.1 .sym.a; r.sub.2) [0061]
(b) Rcmp.rarw.(S(x .sym. a) .sym. s.sub.1) .sym. s.sub.2 [0062] 3.
Return R.sub.b
[0063] Wherein r.sub.1 .sym.a; r.sub.2 are input variables of the
compare.sub.b function, a=r.sub.1.sym.r.sub.2 then
cmp=compare.sub.b (r.sub.1 .sym. a, r.sub.2)=compare.sub.b
(r.sub.2; r.sub.2)=b which gives R.sub.b=(S(x .sym. r.sub.1 .sym.
r.sub.2) .sym.s.sub.1) .sym. s.sub.2=S(x) .sym. s.sub.1 .sym.
s.sub.2 as required.
[0064] In this particular embodiment, care should be taken when
implementing the compare.sub.b function. Namely the compare.sub.b
(x; y) function preferably should not be implemented by computing x
.sym. y directly, since in the above algorithm this would amount to
computing (r.sub.1 .sym. r.sub.2.sym. a) which combined with x
would give a second-order leakage.
[0065] The method implementing of the compare.sub.b function to
prevent any first order side-channel leakage on x .sym. y will now
be described:
[0066] Recall that the function compare.sub.b is defined as:
compare b ( x ; y ) b if x = y = { b if x .noteq. y
##EQU00007##
[0067] The method of implementing requires a table T of 2.sup.n
bits in RAM. The table T is pre-processed as follows: [0068] 1.
r.sub.3.rarw.{0; 1}.sup.n [0069] 2. For i=0 to 2.sup.n-1 do
T[i].rarw.b [0070] 3. T[r.sub.3].rarw.b This completes the
pre-processing step.
[0071] At the end of this pre-processing step, the table T
satisfies:
b if x = T [ x ] = { r 3 b otherwise ##EQU00008##
Then the compare.sub.b function is implemented as:
return T[(x.sym.r.sub.3).sym.y]
In this case all intermediate variables in the computation are
independent of x .sym. y; this prevents any first-order
side-channel leakage on x .sym. y.
[0072] The above-mentioned implementation of the compare.sub.b is
known in the art. Disadvantageously, the above-mentioned
implementation of the compare.sub.b is inefficient; the
compare.sub.b algorithm requires 2.sup.n bits of RAM; in practice
however it may be more convenient to use 2.sup.n bytes of RAM since
otherwise bit-access techniques must be used which might be
cumbersome to implement securely. Pre-processing requires 2.sup.n+1
memory transfers; such pre-processing must be done before every
call to the RDP2 algorithm. Every call to compare.sub.b then
requires two XOR operations and one memory transfer. For AES with
n=8, the compare.sub.b function therefore requires 256 bytes of RAM
and 257 memory transfers during pre-processing. In total, the RDP2
algorithm then requires 62.sup.n XOR operations, 32.sup.n+1 memory
transfers and the generation of n+1 random bits.
[0073] The method according to the present invention is based on a
different implementation of the compare.sub.b function, and in
particular an implementation which uses match-in-place
function.
[0074] Any processor has the usual instructions data.rarw.read(adr)
and write(data; adr) that read and write some data at some address
adr in memory. In match-in-place technology the processor has an
additional function MIP(data; adr) that works as follows:
MIP ( data ; adr ) 1 if read ( adr ) == { data 0 otherwise
##EQU00009##
[0075] In other words, data is matched at the memory location adr
and the value at address adr never leaves the memory.
[0076] In the present invention there is provided additional
function MIP.sup.I which is a bit-randomized version of the MIP
function, defined as follows:
MIP I ( data ; b if read ( adr ) == adr , b ) = { data b otherwise
##EQU00010##
[0077] Preferably there exists the following relationship:
MIP.sup.I(data; adr; b)=MIP(data; adr).sym.b
[0078] Using the MIP.sup.I function, the compare.sub.b function can
be simply implemented as follows, where adr is a free address in
memory. [0079] compare.sub.b (x; y): [0080] 1. Write (x; adr)
[0081] 2. Return MIP.sup.I (y; adr; b) Once x has been written at
address adr in memory, the MIP.sup.I(y; adr; b) function returns b
if x=y and b otherwise, as required by the compare.sub.b
function.
[0082] Using the MIP.sup.I function the computation of a
second-order masked S-box function from a second-order masked input
becomes as follows: [0083] Input: A masked value
x=x.sym.r.sub.1.sym.r.sub.2.sym..epsilon.F.sup.n.sub.2, a pair of
output masks s.sub.1; s.sub.2.epsilon.F.sup.n2, a free memory
address adr. [0084] Output: The masked S-box function output
S(x).sym.s.sub.1.sym.S.sub.2 [0085] 1. b.rarw.rand(1) [0086] 2. for
a=0 to 2.sup.n-1 do [0087] (a) write (r.sub.1 .sym. a; adr) [0088]
(b) cmp.rarw.MIP.sup.I (r.sub.2; adr; b) [0089] (c) Rcmp.rarw.(S(x
.sym. a) .sym. s.sub.1) .sym. s.sub.2 [0090] 3. Return R.sub.b
[0091] The implementation of the compare.sub.b function based on
the MIP.sup.I function, satisfies the same property as the original
compare.sub.b function implementation; namely all intermediate
variables are independent of x.sym.y.
[0092] Note that the randomized function MIP.sup.I(y; adr; b) is
preferable. If the function MIP(y; adr) is used instead (by first
computing MIP(y; adr) and then returning MIP(y; adr) .sym.b) then
the implementation would be insecure, as the intermediate variable
MIP(y; adr) is not independent from x.sym.y.
[0093] FIG. 3 shows a table which compares the efficiency of the
original implementation of compare.sub.b function and the
implementation of the compare.sub.b function according to the
present invention (i.e. using the MIP.sup.I function). It is clear
that fewer operations and less RAM is required to implement the
compare.sub.b function according to the present invention.
[0094] FIG. 4 shows a table which compares the efficiency of a
masking algorithm originally implemented and a masking algorithm
implemented according to the present invention (i.e. using the
MIP.sup.I function). For AES with n=8, the present invention
requires 1 byte of RAM (instead of 2n), 1024 XORs (instead of 1536)
and 512 memory transfers (instead of 769). If XORs and memory
transfers have the same cost, the present invention variant is 33%
faster the original implementation. Thus, for the same level of
security, the present invention provides a faster counter-measure
which requires less RAM.
[0095] Various modifications and variations to the described
embodiments of the invention will be apparent to those skilled in
the art without departing from the scope of the invention as
defined in the appended claims. Although the invention has been
described in connection with specific preferred embodiments, it
should be understood that the invention as claimed should not be
unduly limited to such specific embodiment.
* * * * *